Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Some better elasticsearch reliability.

Browse source 
- Added a configurable option for timing out ES HTTP requests.

 - Stop sending reporter messages after one message for one failure.
This commit is contained in:
Seth Hall 2012-07-18 00:00:31 -04:00
parent 485e473561
commit 1fa182c169
4 changed files with 35 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/frameworks/logging/writers/elasticsearch.bro
View file

@ -17,6 +17,9 @@ export {
## e.g. prefix = "bro_" would create types of bro_dns, bro_software, etc.
const type_prefix = "" &redef;
## The time before an ElasticSearch transfer will timeout.
const transfer_timeout = 2secs;
## The batch size is the number of messages that will be queued up before
## they are sent to be bulk indexed.
## Note: this is mainly a memory usage parameter.